About GELI root

alphachi alphachi at mediaspirit.org
Sat Oct 11 19:08:09 UTC 2014


Environment: FreeBSD 10.0R amd64

The root partition is /dev/ada0p1 with gpart label /dev/gpt/rootfs. /dev/gpt/rootfs.eli is created from /dev/gpt/rootfs, not /dev/ada0p1.

# cat /boot/loader.conf
vfs.root.mountfrom="ufs:/dev/gpt/rootfs.eli"
aesni_load="YES"
geom_eli_load="YES"
geli_gpt_rootfs_keyfile0_load="YES"
geli_gpt_rootfs_keyfile0_type="gpt/rootfs:geli_keyfile0"
geli_gpt_rootfs_keyfile0_name="/boot/rootfskey"


Question 1.

Boot is OK, but many messages like the ones below can be found in dmesg:

...
GEOM_ELI: Found no key files in loader.conf for ad4p1
...
GEOM_ELI: Found no key files in loader.conf for gptid/*
...

After adding "kern.cam.ada.legacy_aliases=0" to /boot/loader.conf, the remaining messages are:

GEOM_ELI: Found no key files in loader.conf for ada0p1
GEOM_ELI: Found no key files in loader.conf for gptid/*

How can I disable the two messages, other than by changing gpt_rootfs and gpt/rootfs to ada0p1 in /boot/loader.conf?

Question 2

I want to use two different authentication methods for the root partition. The first (geli setkey -n 0) is a key without a passphrase. The partition can be automounted with it. The second (geli setkey -n 1) is a passphrase without a key. The partition can be mounted manually with it on other computers.

Before I add the second, the partition can be automounted. After adding it, I have to input the passphrase at boot. It looks like the system mixes the two authentication methods instead of treating them independently. Perhaps because of "geli init -b"?

How can I get this: if the key is found, booting proceeds automatically; if the key isn't found, booting continues after the passphrase is entered?

Thanks!
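The two-slot setup described in Question 2 can be exercised on a throwaway memory disk before it is applied to a root filesystem. The script below is an added example, not part of the original post and not FreeBSD's own tooling: it creates a 64 MB md(4) device, installs a keyfile-only user key in slot 0 (geli init -P -K) and a passphrase-only user key in slot 1 (geli setkey -n 1 without -K), then checks that each slot attaches the provider on its own. The work directory, keyfile and passphrase are constructed for the demo; the script needs FreeBSD with geli(8) and mdconfig(8) and must run as root, and on any other host it prints "skip" and returns status 2 instead of failing.

```shell
#!/bin/sh
# Added example, not from the original post: exercise two independent GELI user-key
# slots on a throwaway md(4) device. Slot 0 = keyfile only (no passphrase), slot 1 =
# passphrase only (no keyfile). Requires FreeBSD, geli(8), mdconfig(8) and root;
# every path and the passphrase below are constructed for the demo.

WORK=""
MD=""

cleanup() {
    # Idempotent: safe to call from the EXIT trap and again explicitly.
    if [ -n "$MD" ]; then
        geli detach "${MD}.eli" 2>/dev/null
        mdconfig -d -u "$MD" 2>/dev/null
        MD=""
    fi
    if [ -n "$WORK" ]; then
        rm -rf "$WORK"
        WORK=""
    fi
}

setup_slots() {
    dd if=/dev/random of="$KEYFILE" bs=64 count=1 2>/dev/null || return 1
    printf '%s\n' 'constructed-demo-passphrase' > "$PASSFILE" || return 1
    chmod 600 "$KEYFILE" "$PASSFILE"

    # Slot 0: -P means no passphrase component, -K supplies the keyfile component.
    # -b sets the boot flag, as in the poster's root setup.
    geli init -b -P -K "$KEYFILE" "/dev/$MD" || return 1

    # Slot 1: the current key (slot 0) is described by -p (no passphrase) and -k
    # (keyfile); the new key takes its passphrase from -J and, with no -K, has no
    # keyfile component.
    geli setkey -n 1 -p -k "$KEYFILE" -J "$PASSFILE" "/dev/$MD" || return 1
}

attach_with_keyfile_only() {
    # Slot 0 alone: keyfile supplied, passphrase explicitly not used.
    geli attach -p -k "$KEYFILE" "/dev/$MD" || return 1
    [ -c "/dev/${MD}.eli" ] || return 1
    geli detach "${MD}.eli"
}

attach_with_passphrase_only() {
    # Slot 1 alone: passphrase read from the file, no keyfile offered.
    geli attach -j "$PASSFILE" "/dev/$MD" || return 1
    [ -c "/dev/${MD}.eli" ] || return 1
    geli detach "${MD}.eli"
}

# Returns 0 when both slots attach independently, 1 on a failure, and 2 when the
# demo cannot run on this host (no geli, or not root).
run_demo() {
    command -v geli >/dev/null 2>&1 || { echo "skip: geli(8) not found (FreeBSD only)"; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "skip: must run as root"; return 2; }

    WORK=$(mktemp -d /tmp/geli-demo.XXXXXX) || return 1
    KEYFILE="$WORK/keyfile0"
    PASSFILE="$WORK/pass1"
    truncate -s 64m "$WORK/disk.img" || { cleanup; return 1; }
    MD=$(mdconfig -a -t vnode -f "$WORK/disk.img") || { cleanup; return 1; }
    trap cleanup EXIT

    rc=1
    if setup_slots && attach_with_keyfile_only && attach_with_passphrase_only; then
        echo "ok: slot 0 (keyfile) and slot 1 (passphrase) each attach $MD on their own"
        rc=0
    fi
    cleanup
    trap - EXIT
    return $rc
}

if [ "${1:-}" = "--run" ]; then
    run_demo
fi
```

Run it as root with `sh geli-two-slots.sh --run`. The check that matters is the second attach: if slot 1 were not independent of slot 0, `geli attach -j` with no keyfile would fail, which is exactly the behaviour to confirm before relying on a keyfile-only slot for unattended boot and a passphrase-only slot for recovery on another machine.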
